Samsung Mobile Devices vulnerabilities

375 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs: 375
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 101, MEDIUM 142, LOW 95

Vulnerabilities

CVE-2022-33723 | MEDIUM | CVSS 6.1 | CWE-1021 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
Sources: cvelistv5, nvd
CVE-2022-33721 | MEDIUM | CVSS 5.5 | CWE-94 | ≥ S(12), < SMR Aug-2022 Release 1 | 2022-08-05
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.
Sources: cvelistv5, nvd
CVE-2022-33727 | MEDIUM | CVSS 6.1 | CWE-1021 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
Sources: cvelistv5, nvd
CVE-2022-33716 | MEDIUM | CVSS 4.4 | CWE-457 | ≥ R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
Sources: cvelistv5, nvd
CVE-2022-33714 | LOW | CVSS 3.3 | CWE-284 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
Sources: cvelistv5, nvd
CVE-2022-33725 | LOW | CVSS 3.3 | CWE-94 | ≥ Q(10), R(11), < SMR Aug-2022 Release 1 | 2022-08-05
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.
Sources: cvelistv5, nvd
CVE-2022-33729 | LOW | CVSS 3.3 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Sources: cvelistv5, nvd
CVE-2022-33718 | LOW | CVSS 3.3 | CWE-863 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
Sources: cvelistv5, nvd
CVE-2022-33722 | LOW | CVSS 3.3 | CWE-285 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.
Sources: cvelistv5, nvd
CVE-2022-33726 | LOW | CVSS 3.3 | CWE-561 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
Sources: cvelistv5, nvd
CVE-2022-33728 | LOW | CVSS 3.3 | CWE-200 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global.
Sources: cvelistv5, nvd
CVE-2022-33724 | LOW | CVSS 3.3 | CWE-200 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
Sources: cvelistv5, nvd
CVE-2022-33720 | LOW | CVSS 2.4 | CWE-284 | ≥ Q(10), R(11), < SMR Aug-2022 Release 1 | 2022-08-05
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
Sources: cvelistv5, nvd
CVE-2022-33703 | HIGH | CVSS 7.8 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
Sources: cvelistv5, nvd
CVE-2022-33695 | HIGH | CVSS 7.8 | CWE-732 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
Sources: cvelistv5, nvd
CVE-2022-30754 | HIGH | CVSS 7.8 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of AppLinker.
Sources: cvelistv5, nvd
CVE-2022-30756 | HIGH | CVSS 7.8 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of Finder.
Sources: cvelistv5, nvd
CVE-2022-33704 | HIGH | CVSS 7.8 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
Sources: cvelistv5, nvd
CVE-2022-30755 | HIGH | CVSS 7.8 | CWE-287 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
Sources: cvelistv5, nvd
CVE-2022-33691 | MEDIUM | CVSS 4.7 | CWE-367 | ≥ Q(10), R(11), S(12) devices with Exynos 9820 chipset, < SMR Jul-2022 Release 1 | 2022-07-12
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
Sources: cvelistv5, nvd